Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: signatures for Oracle Alert 68
From: Valdis.Kletnieks () vt edu
Date: Tue, 23 Nov 2004 14:47:17 -0500

On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
We need signatures for IDS/IDP for Oracle's alert 68.
How can we protect against these attacks if we can not apply patches in some 

Just a reminder for everybody and the archives - unless you're using some sort
of firewall appliance that doesn't pass a packet that triggers a signature,
having a signature doesn't actually protect you.

If you're just using Snort, and it coughs up a "Signature for Oracle 68"
message, it's *too late*.  That's not a condom, that's the doctor telling you
the test came back positive.

(An amazing number of people manage to get confused on this point, and probably
get hacked as a result....)

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]